Counterfeit Chips Raise New Terror, Hacking Fears 173
mattnyc99 writes "We've seen overtures by computer manufacturers to build in chip security before, but now Popular Mechanics takes a long look at growing worries over counterfeit chips, from the military and FAA to the Department of Energy and top universities. While there's still never been a fake-chip sabotage or info hack on America by foreign countries or rogue groups, this article suggests just how easy it would be for chips embedded with time-release cripple coding to steal data or bring down a critical network - and how that's got Homeland shaking in its boots (but not Bruce Schneier). While PopMech has an accompanying story on the possible end of cheap gadget manufacturing in China as inflation rates soar there, it's the global hardware business in general that has DoD officials freaking out over chips."
So maybe there is a market... (Score:2, Interesting)
...for this [slashdot.org], after all.
The focus of comments through the article was that very few people had actually come across counterfeit chips, and the financial repercussions were limited. This shifts the focus to security, which does raise different questions
Digital Picture frames. (Score:5, Interesting)
Turnabout (Score:2, Interesting)
One wonders whether the reverse is true, and if so, why other countries are not freaking out about it...
Re:The Counterfeit Bolt Problem (Score:3, Interesting)
Re:TFA (Score:3, Interesting)
What we're talking about there is Cold war V2.0 with China.
There is no shortage of people who theorize that Russia at one point might have been able to pull of some crazy hack that disabled all of our electronics using Tesla tech; what we're talking about here is an ACTUAL ability for China to do it.
The real solution to this problem is to bring manufacturing back to the United States.
Unfortunately this requires more regulation on American Companies.
NSA (Score:2, Interesting)
Re:The Counterfeit Bolt Problem (Score:2, Interesting)
Execute every manager and owner of a company found to engage in such corruption.
Such corruption strikes at the very heart of civilized society, and it should be punished with ferocious justice. It is time people in positions of authority answer for their incompetence with their lives.
Lou Dobbs? Is that You! (Score:3, Interesting)
They have seeded stories from Military and "Intelligence" sources for years.
The CIA did this... (Score:5, Interesting)
In fact, it culminated in the mid 80's when a brand new pipeline was turned on with turbines taken from America via a Canadian intermediary. The turbines purposely malfunctioned and the resulting blast was about 1/4 the size of Hiroshima. Taking out such an important oil pipeline made a non-trivial dent in the Soviet economy.
Look up the "Farewell Dossier".
What is old is new again.
Done before (Score:-1, Interesting)
During the COCOM technology embargo era US intelligence services secretly supplied the USSR computer equipments with rigged chips. These computers were used in critical applications, including oil industry. In the mid 80's the American government revealed and demonstrated that they owned critical Russian computer infrastructure.
According to some analyst this was a major factor in the sudden collapse of the political system: the Russians had no way to know and verify how deeply they were penetrated.
It's strange to hear that anybody in the US in charge is surprised now...
Re:TFA... HOW can you call it war? (Score:3, Interesting)
If the US government (by extension, the wealthy, the connected, the power brokers, then the consumers/prosumers) want cheap goods, then they will be made in China or elsewhere. If the US wants security to not be threatened by counterfeit goods (bads) then it OUGHT to SHUT UP and bite the bullet and manufacture ALL infrastructure-threat-capable electronics domestically.
But, it can't. It can't because to do so would buck or contravene many conventions, trade acts, and agreements. If the US can't trust Asian producers, what makes it think it's safe trusting European producers? Only irrational comfort in color-based similarity and common heritage is probably all there is.
So, the next best thing is for governments to stop dicking around and posturing as soft-enemies. If China never has to fear the US, then national or entrepreneurial counterfeits orders might not be a real problem. If the US stops trying to f*sking trying to be NUMERO UNO/Master-of-the-Universe, other nations might feel less threatened. If the US is less feared, sure, some will still try to exploit it, but that is best done economically, which is already the case: multiple hands from multiple nations and places from Dubai to Israel, to UK to Tokyo to Beijing, to Venezuela (oil, cheap oil) will have some tug and push on the US. Small, but definitely felt.
All this just reminds me of the post by a sysadmin about 2 weeks ago who said as long as the counterfeits work until he's got his ROI, or as long as they don't crash or trash his network and as long as the only difference is in the serial numbers, then he doesn't care, because he saved money. Well, how can HE ever know his company's chips are not trojan chips? He's not likely to have Cisco come do an audit on the chip code or substrates or pins. He'd get fire if it's shown he knew and did nothing. Well, MAYBE he'd be fired.
i wouldn't be surprised if 45% of US infrastructure and maybe the same of the EU and even Japan has been "infiltrated" (used not in the "evil" sense, but in the penetration sense) by counterfeit chips. I wouldn't be surprised to learn that prior to off-shoring chip plants to China that the US was sending "counterfeit" or infiltration chips to other nations. These companies probably did it at the bidding of the US government, under black ops national security project, which we'll never be able to prove nor disprove, given the secret accounting and multitudes of project names and cover names.
So, in all, this is "touche", or Karma (good or bad) at work or in play.
Re:TFA (Score:3, Interesting)
Smoke and Mirrors (Score:3, Interesting)
Rather than wail and moan about supposedly fake chips, what the manufacturers should do is put on-line the database of valid serial numbers and their specs and history and let end users have access to this information and even add to the database (if they so choose) their ownership of a serial number. This would have several benefits: Fake chips would have a problem of not having a large pool of valid serial numbers (it would be easy enough to not have the database expose the entire list, and limit the number of chips that could be looked up by any IP in a short time) and if fake chips all used the same ID this could be quickly detected. Users could also confirm that the specs for the chip they bought were the specs the manufacturer intended, preventing the practice or remarking chips for higher clock frequencies. A user who desired it could have a lot of confidence that is chip was not counterfeit just by checking into the database and learning what the manufacturer knew about his chip. Chips with serious bugs that were recalled would be detected easily without alarming users of unaffected chips. And this could even provide a service of letting one register their CPU serial number, if they wanted the computer to be able to be look up by law enforcement or others later in the case of theft. That this isn't already being done, yet the industry is acting like counterfeit chips are a big problem, seems to be telling me something is bogus about their claims of doom.
Re:ARRRGH! TERROR! (Score:2, Interesting)
Re:The Counterfeit Bolt Problem (Score:4, Interesting)
However, if executives were required to spend time IN JAIL, that might be pretty effective. Charging Mr. $$$$$$$$$ a few $$ isn't going to hurt him much. He needs to actually sit in a cell and have his photo taken for the newspaper.
Re:Already been done, but it's difficult (Score:4, Interesting)
But it would require only a handful of malformed vias among millions to make your 'military grade' memory-wiping electronics get stuck at 'do not wipe' and your built-in test hardware get stuck at 'no problem'.
Just my $0.02